OSINT News - June 2nd, by Bart Otten

Fortune 500 company NTT discloses security breach

Nippon Telegraph & Telephone (NTT), the 64th biggest company in the world according to the Fortune 500 list, disclosed a security breach today.
www.zdnet.com

---
The zero-day exploits of Operation WizardOpium

The exploit uses the leaked pointer to get the address of the raw pointer to the feedforward_ array with the AudioArray<double> type that is present in the IIRProcessor object created with IIRFilterNode. This array should be located in the same SuperPage, but in different versions of Chrome this object is created in different PartitionPages and there is a special code inside initialUAFCallback ...
securelist.com

---
The Octopus Scanner Malware: Attacking the open source supply chain

Securing the open source supply chain is an enormous task. It goes far beyond a security assessment or just patching for the latest CVEs. Supply chain security is about the integrity of the entire software development and delivery ecosystem.
securitylab.github.com

---
Updates about government-backed hacking and disinformation

Coordinated influence operations: Government-backed or state-sponsored groups have different goals in carrying out their attacks. Some are looking to collect intelligence or steal intellectual property; others are targeting dissidents or activists, or attempting to engage in coordinated influence operations and disinformation campaigns.
www.blog.google

---
Israel's national cyber chief warns of rising cyber-warfare

Israel's national cyber chief acknowledged the country had thwarted a major cyber attack in April against its water systems. The media, citing officials who spoke under condition of anonymity, attributed the "synchronized and organized ...
securityaffairs.co

---
Valak a sophisticated malware that completely changed in 6 months

The Valak malware has changed completely over the past six months: it was first developed to act as a loader, but it now also implements infostealer capabilities. The malicious code first appeared in […]
securityaffairs.co

---
Ke3chang hacking group adds new Ketrum malware to its arsenal

The Ke3chang hacking group (aka APT15, Vixen Panda, Playful Dragon, and Royal APT) has developed new malware dubbed Ketrum by borrowing parts of the source code and features from their older Ketrican and Okrum backdoors.
securityaffairs.co

---
Microsoft warns about ongoing PonyFinal ransomware attacks

Microsoft’s security team issued a series of tweets warning organizations to deploy protections against a new piece of ransomware dubbed PonyFinal that has been in the wild over the past […]
securityaffairs.co

---
Researchers dismantled ShuangQiang gang’s botnet that infected thousands of PCs

A joint operation conducted by experts from Chinese firms Qihoo 360 Netlab and Baidu dismantled the ShuangQiang botnet, which had infected hundreds of thousands of systems.
securityaffairs.co

---
Netwalker ransomware tools give insight into threat actor

Gabor graduated from the Eotvos Lorand University of Budapest with a degree in physics. His first job was in the Computer and Automation Research Institute, developing diagnostic software and hardware for nuclear power plants.
news.sophos.com

---
Ragnar Locker ransomware deploys virtual machine to dodge security

A new ransomware attack method takes defense evasion to a new level—deploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragn…
news.sophos.com

---
Sarwent Malware Continues to Evolve With Updated Command Functions

Jason Reaves is a Principal Threat Researcher at SentinelLabs who specializes in malware reverse-engineering. He has spent the majority of his career tracking threats in the Crimeware domain, including reverse-engineering data structures and algorithms found in malware in order to create automated frameworks for harvesting configuration and botnet data.
labs.sentinelone.com

---
StrandHogg 2.0 Android flaw affects over 1 Billion devices

Researchers disclosed a new critical vulnerability (CVE-2020-0096, aka StrandHogg 2.0) affecting the Android operating system that could allow attackers to carry out a sophisticated version of the StrandHogg attack.
securityaffairs.co

---
Grandoreiro Malware implements new features in Q2 2020

The updated Grandoreiro malware, equipped with latenbot-C2 features in Q2 2020, has now extended to Portuguese banks. Grandoreiro is a Latin American banking trojan targeting Brazil, Mexico, Spain and Peru, and has now extended to Portugal. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims' devices, typically banking-related information.
securityaffairs.co

---
New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map

A new ransomware threat called [F]Unicorn has been encrypting computers in Italy by tricking victims into downloading a fake contact tracing app that promises to bring real-time updates for COVID ...
www.bleepingcomputer.com

---
New Turla ComRAT backdoor uses Gmail for Command and Control

Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ, which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to […]
securityaffairs.co

---
Graphing MITRE ATT&CK via Bloodhound

I’ve been using slides like the image below for some time now in presentations and I regularly get asked how I’ve created them, so I…
medium.com

---
SysInTURLA — The Lost Reports

Today's threat actor of choice is one of my favorites, Turla (namesake of this blog). This short 'tipper' will discuss Kazuar and a universal love for Mark Russinovich's SysInternal Tools.
www.epicturla.com

---
Securing the Connected World with Support for The Shadowserver Foundation

If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations...
blog.trendmicro.com

---
With the coronavirus under control, this Chinese city wants to score and rank its residents based on their health and lifestyle

How China's Covid-19 tracking app works
Imagine a smartphone app that has access to your medical records and assigns you a daily score based on your preconditions, recent checkups and lifestyle habits -- how much you've drunk, smoked, exercised and slept on any given day can all affect your points total, boosting or lowering your ranking.
edition.cnn.com

---
Introducing Blue Mockingbird

Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. They achieve initial access by exploiting public-facing web applications, specifically those that use Telerik UI for ASP.NET, followed by execution and persistence using multiple techniques (check out ...
redcanary.com

---
The evolution of ransomware in 2019: attackers think bigger, go deeper and grow more advanced

The number of ransomware attacks increased by 40 percent last year, according to Group-IB; attackers think bigger and grow more advanced. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, found that 2019 was marked by ransomware evolution and was dominated by increasingly aggressive ransomware campaigns, with its operators resorting ...
securityaffairs.co

---
Unc0ver is the first jailbreak that works on all recent iOS versions since 2014

A team of cyber-security researchers and hackers have released a new jailbreak package dubbed Unc0ver (from the name of the team that devised it) that works on all recent iOS versions and devices, even those running the current iOS 13.5 release.
securityaffairs.co

---
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites

Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign. A politically motivated hacktivist who since 2013 defaced nearly 5,000 websites ...
www.darkreading.com

---
Maze ransomware operators leak credit card data from Costa Rica’s BCR bank

Maze ransomware operators have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.
Early May, Maze Ransomware operators claimed to have hacked the network of the state-owned Bank of Costa Rica ...
securityaffairs.co

---
Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Threat actors are offering for sale more than two dozen SQL databases belonging to e-commerce websites for different countries.
Threat actors have compromised insecure servers exposed online and after copying the content of their websites they left […]
securityaffairs.co

---
Thai Database Leaks 8.3 Billion Internet Records

Summary: I recently discovered an exposed ElasticSearch database when browsing BinaryEdge and Shodan. This database appears to be controlled by a subsidiary of a major Thailand-based mobile network operator named Advanced Info Service (AIS). According to Wikipedia, AIS is "Thailand's largest GSM mobile phone operator with 39.87 million customers" as of 2016.
rainbowtabl.es

---
Real estate app leaking thousands of user records and sensitive private messages

The CyberNews research team uncovered an unsecured Amazon Simple Storage Service bucket of confidential user chat logs belonging to the real estate app Tellus, a US-based software company. Tellus is a software company based in Palo Alto, California, backed by "well-known investors" that aims […]
securityaffairs.co

---
3 hacking forums have been hacked and their databases have been leaked online

Three hacking forums, Nulled.ch, Sinfulsite.com, and suxx.to, have been hacked and their databases have been leaked online. Researchers from intelligence firm Cyble made the headlines again; this time they discovered online the databases of three hacking forums. The three forums, Sinful Site, SUXX.TO and Nulled, were all hacked. These cybercrime forums are places of aggregation for
securityaffairs.co

---
25 million Mathway user records available for sale on the dark web

A threat actor is offering for sale on a dark web marketplace a database containing 25 million user records belonging to Mathway.
A data breach broker, known as Shiny Hunters, is offering for sale on a dark web marketplace a database that contains 25 million user records for Mathway. In early May, Shiny Hunters attempted to sell on a dark web marketplace databases containing more than 73.2 ...
securityaffairs.co

---
Minted discloses data breach after 5M user records sold online

Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. Minted is an online ...
www.bleepingcomputer.com

---
Arbonne MLM data breach exposes user passwords, personal info

www.bleepingcomputer.com

---
New York City Man Charged with Hacking, Credit Card Trafficking, and Money Laundering Conspiracies

BOSTON – A New York City man was charged yesterday with conspiracies to engage in computer hacking, trafficking in stolen payment card numbers, and money laundering.
www.justice.gov

---
SaltStack FrameWork Vulnerabilities Affecting Cisco Products

On April 29, 2020, the Salt Open Core team notified their community regarding the following two CVE-IDs: CVE-2020-11651 (Authentication Bypass Vulnerability) and CVE-2020-11652 (Directory Traversal Vulnerability). Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is running the salt-master service that ...
tools.cisco.com